package com.security.configuration;

import com.security.handler.MyAuthenticationFailHanadler;
import com.security.handler.MyAuthenticationSuccessHandler;
import com.security.service.UserServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

import javax.sql.DataSource;

@Configuration
public class SecutityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserServiceImpl userService;


    /**
     * 自定义登录页面提交
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                //当发现是 /login 认为是登录必须和登录表单提交地址一样
                .loginProcessingUrl("/login")
                //自定义登录页面
                .loginPage("/login.html")
                //登录成功跳转的页面 必须是post请求
//                .successForwardUrl("/toMain")
                .successHandler(new MyAuthenticationSuccessHandler("https://www.baidu.com")) //登录成功处理器
                //登录失败跳转的页面
//                .failureForwardUrl("/error")
                .failureHandler(new MyAuthenticationFailHanadler("/error.html"))  //登录失败处理器
//                自定义用户名和密码
                .usernameParameter("uname")
                .passwordParameter("pwd")
        ;


//        授权认证
        http.authorizeRequests()
                //不需要认证就能访问
                .antMatchers("/login.html").permitAll()
                .antMatchers("/error.html").permitAll()
                .antMatchers("admin.html").hasAnyAuthority("admin","normal") //配置权限
                .antMatchers("admin.html").hasAnyRole("admin")//配置角色
                //所有的请求必须登录才能访问 请求必须被认证
                .anyRequest().authenticated();

//        记住我
        http.rememberMe()
//                自定义登录逻辑
                .userDetailsService(userService)
//                持久层对象
                .tokenRepository(getTokeRepository());
//        推出登录 跳转页面
        http.logout()
                .logoutUrl("/user/logout")
                .logoutSuccessUrl("/logout.html");

        /**
         * 关闭csrf
         * CSRF
         */
        http.csrf().disable();
    }

    @Bean
    public PasswordEncoder getPwdEncoder(){
        return new BCryptPasswordEncoder();
    }
    @Bean
    public PersistentTokenRepository getTokeRepository(){
        JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
        jdbcTokenRepository.setCreateTableOnStartup(true);

        return jdbcTokenRepository;
    }
}
